Results 1 to 2 of 2
Hi all,
I just stumbled across a libssl0.9.7 on my etch system. I am aware
of the security issues with libssl0.9.8 and I have updated the relevant
packages and regenerated ...
- 05-20-2008 #1Linux Newbie
- Join Date
- Sep 2007
- Posts
- 160
Should I remove/update libssl0.9.7 ?
Hi all,
I just stumbled across a libssl0.9.7 on my etch system. I am aware
of the security issues with libssl0.9.8 and I have updated the relevant
packages and regenerated my keys, there seem to be no vulnerable
keys left on my machine. So far so good.
My question: is it a reason for concern to have the older 0.9.7 version
on the system?
It's apparently required by liblrdf0, "a library to manipulate RDF files", I
don't know what it does and whether I need it.
Thanks, kai
- 05-21-2008 #2Linux Newbie
- Join Date
- Sep 2007
- Posts
- 160
On Debian -- Security*Information -- DSA-1571-1 openssl:
andIt is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch.So I can answer my own question: the old 0.9.7 should be free of the security issue.The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17
cheers, kai
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
